
Configure Headers Based Authentication (Enterprise only feature)

Crafter Studio can integrate with any authentication system that sends custom HTTP headers containing the information used to authenticate the user in Studio. This section details how to set up Studio for headers based authentication.

Configure Studio for Headers Based Authentication

Configuring Studio for headers based authentication is very simple: in your Authoring installation, go to CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension and add the following lines to studio-config-override.yaml (of course, make any appropriate configuration changes according to your system):

# Studio authentication chain configuration
# studio.authentication.chain:
  # Authentication provider type
  # - provider: HEADERS
    # Authentication via headers enabled
    # enabled: false
    # Authentication header for secure key
    # secureKeyHeader: secure_key
    # Authentication headers secure key that is expected to match secure key value from headers
    # Typically this is placed in the header by the authentication agent
    # secureKeyHeaderValue: secure
    # Authentication header for username
    # usernameHeader: username
    # Authentication header for first name
    # firstNameHeader: firstname
    # Authentication header for last name
    # lastNameHeader: lastname
    # Authentication header for email
    # emailHeader: email
    # Authentication header for groups: comma separated list of sites and groups
    #   Example:
    #   site_author,site_xyz_developer
    # groupsHeader: groups
    # Enable/disable logout for headers authenticated users (SSO)
    # logoutEnabled: false
    # If logout is enabled for headers authenticated users (SSO), set the endpoint of the SP or IdP logout, which should
    # be called after local logout. The {baseUrl} macro is provided so that the browser is redirected back to Studio
    # after logout (https://STUDIO_SERVER:STUDIO_PORT/studio)
    # logoutUrl: /YOUR_DOMAIN/logout?ReturnTo={baseUrl}

Based on the above configuration, Studio expects the following attributes to be provided in the headers:

  • username
  • firstname
  • lastname
  • email
  • groups

The attribute secure_key is placed in the header by the authentication agent, and its value is expected to match secureKeyHeaderValue. The attribute enabled enables/disables headers authentication; make sure it is set to true for headers authentication.

Configuring Logout

The Sign out button link is disabled/hidden by default when headers based authentication is enabled.

To enable Sign out for users signed in using headers based authentication, change the following lines (as described in the above configuration) in your studio-config-override.yaml (of course, make any appropriate configuration changes according to your system):

# Enable/disable logout for headers authenticated users (SSO)
# logoutEnabled: false
# If logout is enabled for headers authenticated users (SSO), set the endpoint of the SP or IdP logout, which should
# be called after local logout. The {baseUrl} macro is provided so that the browser is redirected back to Studio
# after logout (https://STUDIO_SERVER:STUDIO_PORT/studio)
# logoutUrl: /YOUR_DOMAIN/logout?ReturnTo={baseUrl}
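
A pre-deployment check for the HEADERS provider block and its logout settings, as an added example that is not part of the CrafterCMS documentation or code. The function names, the 32-character minimum and the sample input are assumptions made for illustration; the parser only handles the flat block shown above.

```python
SAMPLE_SECRET = "secure"   # value shown in the documentation's sample block
MIN_SECRET_LEN = 32        # assumption: local policy, not a Studio requirement

def headers_provider(yaml_text):
    """Return the HEADERS provider settings as a dict (minimal line parser), or None."""
    current, found = None, None
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):              # next entry in the chain
            current, line = {}, line[2:].strip()
        if current is None or ":" not in line:
            continue
        key, value = line.split(":", 1)
        current[key.strip()] = value.strip().strip("'\"")
        if current.get("provider") == "HEADERS":
            found = current
    return found

def audit(yaml_text):
    """List problems with the HEADERS provider block before it is deployed."""
    cfg = headers_provider(yaml_text)
    if cfg is None:
        return ["no HEADERS provider is configured"]
    issues = []
    if cfg.get("enabled", "false").lower() != "true":
        issues.append("enabled is not true")
    secret = cfg.get("secureKeyHeaderValue", "")
    if secret == SAMPLE_SECRET:
        issues.append("secureKeyHeaderValue is still the sample value")
    elif len(secret) < MIN_SECRET_LEN:
        issues.append(f"secureKeyHeaderValue is shorter than {MIN_SECRET_LEN} characters")
    names = [v.lower() for k, v in cfg.items() if k.endswith("Header")]
    if len(names) != len(set(names)):
        issues.append("two attributes are mapped to the same header name")
    if cfg.get("logoutEnabled", "false").lower() == "true" and not cfg.get("logoutUrl"):
        issues.append("logoutEnabled is true but logoutUrl is not set")
    return issues

# Constructed sample: enabled, but with the sample secret and no logoutUrl.
SAMPLE = """\
studio.authentication.chain:
  - provider: HEADERS
    enabled: true
    secureKeyHeader: secure_key
    secureKeyHeaderValue: secure
    usernameHeader: username
    logoutEnabled: true
"""
```

Calling audit(SAMPLE) reports the sample secret and the missing logoutUrl; a block that is still fully commented out is reported as having no HEADERS provider.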